路由器和路由器之间的VPN配置

56778rrrre

Hub Router2503#show running-configBuilding configuration...Current configuration : 1466 bytes!version 12.2service timestamps debug datetime msecservice timestamps log uptimeno service password-encryption!hostname 2503!!ip subnet-zero!!!--- Configuration for IKE policies.crypto isakmp policy 10!--- Enables the IKE policy configuration (config-isakmp) !--- command mode, where you can specify the parameters that !--- are used during an IKE negotiation.hash md5authentication pre-sharecrypto isakmp key cisco123 address 200.1.2.1crypto isakmp key cisco123 address 200.1.3.1!--- Specifies the preshared key "cisco123" which should !--- be identical at both peers. This is a global !--- configuration mode command.!!--- Configuration for IPSec policies.crypto ipsec transform-set myset esp-des esp-md5-hmac !--- Enables the crypto transform configuration mode, !--- where you can specify the transform sets that are used !--- during an IPSec negotiation. !crypto map mymap 10 ipsec-isakmp !--- Indicates that IKE is used to establish !--- the IPSec security association for protecting the !--- traffic specified by this crypto map entry.set peer 200.1.2.1!--- Sets the IP address of the remote end.set transform-set myset !--- Configures IPSec to use the transform-set !--- "myset" defined earlier in this configuration.match address 110!--- Specifyies the traffic to be encrypted.crypto map mymap 20 ipsec-isakmp set peer 200.1.3.1set transform-set myset match address 120!!!!inte***ce Loopback0ip address 10.1.1.1 255.255.255.0!inte***ce Ethernet0ip address 200.1.1.1 255.255.255.0no ip route-cache!--- You must enable process switching for IPSec !--- to encrypt outgoing packets. This command disables fast switching.no ip mroute-cachecrypto map mymap!--- Configures the inte***ce to use the !--- crypto map "mymap" for IPSec.!!--- Output suppressed.ip classlessip route 172.16.1.0 255.255.255.0 Ethernet0ip route 192.168.1.0 255.255.255.0 Ethernet0ip route 200.1.0.0 255.255.0.0 Ethernet0ip http server!access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255!--- This crypto ACL-permit identifies the       1/2 12下一页尾页